3 # $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
# rc.subr(8) variables: rcvar names the rc.conf knob that gates this script,
# start_cmd and start_precmd name the shell functions run for "start".
# NOTE(review): the listing is elided (the embedded line numbers skip), so the
# bodies of ipfw_start and ipfw_precmd are only partly visible below.
13 rcvar="firewall_enable"
14 start_cmd="ipfw_start"
15 start_precmd="ipfw_precmd"
20 # Load IPv4 firewall module, if not already loaded
# The sysctl read is only a probe: its output is discarded and a non-zero
# exit is taken to mean the net.inet.ip.fw.enable node does not exist yet.
21 if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
# A failed module load is reported to the caller with status 1 instead of
# being ignored. NOTE(review): presumably this is the body of ipfw_precmd;
# the function header and the closing fi are not part of this listing.
22 kldload -n ipfw || return 1
29 # set the firewall rules script if none was specified
30 [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
# The rules script is sourced into this shell, so it runs with the same
# privileges as this rc script (normally root). The -r test checks
# readability only; ownership and write permissions are not verified here,
# so the file named by firewall_script must be writable by root alone.
32 if [ -r "${firewall_script}" ]; then
33 . "${firewall_script}"
# NOTE(review): the exit status of the sourced script is not checked before
# this message is printed, so "rules loaded" is reported even if it failed.
34 echo -n 'Firewall rules loaded, starting divert daemons:'
36 # Network Address Translation daemon
38 if checkyesno natd_enable; then
39 if [ -n "${natd_interface}" ]; then
# A value made of one to four dot-separated digit groups is passed to natd
# as an address (-a); anything else is passed as an interface name (-n).
# The regex does not range-check the groups. Line 43 (presumably the else
# between the two assignments) is not part of this listing.
# NOTE(review): ${natd_interface} is unquoted in the echo and is spliced into
# natd_flags, which is expanded unquoted on the natd command line, so
# whitespace in the rc.conf value turns into extra natd arguments. These
# values presumably come only from root-owned rc.conf files; confirm.
40 if echo ${natd_interface} | \
41 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
42 natd_flags="$natd_flags -a ${natd_interface}"
44 natd_flags="$natd_flags -n ${natd_interface}"
# natd_ifarg is not assigned in any visible line. TODO confirm where it is set.
48 ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
# Fallback branch: presumably pairs with the readability test on
# ${firewall_script} (the intervening lines are not part of this listing).
# Rule 65535 is compared against the literal text of a deny-all rule; a match
# means the kernel is dropping all IP traffic while no rules script was
# loaded, which is what the warning tells the operator.
50 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
51 echo 'Warning: kernel has firewall functionality, but' \
52 ' firewall rules are not enabled.'
53 echo ' All ip services are disabled.'
# Optional verbose logging, gated by the firewall_logging rc.conf knob.
59 if checkyesno firewall_logging; then
60 echo 'Firewall logging enabled'
# NOTE(review): sysctl is invoked by bare name here (resolved through PATH),
# while the other sysctl calls in this listing use ${SYSCTL} / ${SYSCTL_W}.
61 sysctl net.inet.ip.fw.verbose=1 >/dev/null
# Packet filtering is switched on here, which in this listing comes after the
# rules script has been sourced. Lines 62-65 are not shown, so the exact
# control flow leading to this statement cannot be confirmed from here.
66 ${SYSCTL_W} net.inet.ip.fw.enable=1
71 # Disable the firewall
# Clears net.inet.ip.fw.enable rather than installing a deny rule, so once
# this runs ipfw no longer filters traffic until it is enabled again.
# NOTE(review): presumably the body of the stop handler; the function header
# is not part of this listing.
73 ${SYSCTL_W} net.inet.ip.fw.enable=0